epass OTP Authentication Server Configuration Manual


Version 1.0
Copyright 2002-2007 Feitian Technologies Co., Ltd.
http://www.ftsafe.com

Directory

1. Installation
2. Uninstallation
3. Business Authentication Manager
  3.1 Configure Authentication Server
    3.1.1 Configure Database
    3.1.2 Configure User List
    3.1.3 Import Token
    3.1.4 Configure RADIUS Server
    3.1.5 Configure Load Balancing
  3.2 Configure Authentication Agent
    3.2.1 Add Agent Server
    3.2.2 Generate Public key
  3.3 Token Management
    3.3.1 Add Token
    3.3.2 Delete Token
    3.3.3 Search Token
    3.3.4 Export Tokens
    3.3.5 Synchronize Token
    3.3.6 Suspend Token and Unsuspend Token
    3.3.7 Assign Tokens
  3.4 User Management
    3.4.1 Add User
    3.4.2 Import User
    3.4.3 Delete User
    3.4.4 Search User
    3.4.5 Edit Token
  3.5 Log Management
    3.5.1 Search Log
    3.5.2 Delete Log
    3.5.3 Export Log
Appendix 1 Firewall Settings
  Suggest
    1. Close Windows Firewall
    2. Configure Windows Firewall
Appendix 2 About 1812 Port number
  Suggest
Appendix 3 About ODBC Driver Name

1. Installation

1. Insert the installation CD and double-click OTPServer (Windows).msi to run the installer. The welcome window is displayed, as shown in Figure 1.

Figure 1 Welcome Window

2. Click Next to display the License Agreement, as shown in Figure 2.

Figure 2 License Agreement

3. Click Next. The user needs to specify a personal license file, as shown in Figure 3.

Figure 3 Specify License File

4. Select a license file and click Next. The optional install window is then displayed so that the user can select the components to install, as shown in Figure 4.

Figure 4 Customized Install

5. Select the components to install and click Next. A dialog box for selecting the install location is displayed, as shown in Figure 5.

Figure 5 Choose Install Location

6. Press Browse to specify an install folder, then click Next. The ready-to-install window is displayed, as shown in Figure 6.

Figure 6 Ready to Install

7. Confirm that the above settings are correct and click Install to start the installation. A progress bar shows the current state, as shown in Figure 7.

Figure 7 Processing Install

8. The completion window is displayed after a successful installation, as shown in Figure 8.

Figure 8 Complete Installation

9. Click Finish to exit the authentication server installation of the epass OTP Authentication system.

10. Database support is absolutely necessary for the epass OTP Authentication Server, and MSDE is the default option. After the Authentication Server has been installed, the installation of the MSDE database starts automatically, as shown in Figure 9.

Figure 9 Install Database

11. After the default MSDE database has been installed, the full installation of the epass OTP Authentication Server is finished.

2. Uninstallation

The authentication server is uninstalled in the same way as other programs: either through Add/Remove Programs in the Control Panel, or by using the uninstall shortcut under Start > All Programs.

1. Control Panel Operation

1) Click Start > Control Panel > Add/Remove Programs, as shown in Figure 10.

Figure 10 Add/Remove Programs

2) Click the Delete button corresponding to the epass OTP Authentication Server.

2. Uninstall Shortcut

3) Click Start > All Programs > epass OTP Authentication Server > Uninstall, as shown in Figure 11.

Figure 11 Uninstall Shortcut

4) The dialog box to confirm the uninstall task is displayed, as shown in Figure 12.

Figure 12 Confirmation

3. Click Yes to complete the uninstall process of the epass OTP Authentication Server, as shown in Figure 13.

Figure 13 Uninstalling

3. Business Authentication Manager

Business Authentication Manager is a graphical user interface (GUI) management tool that provides a convenient and fast way for users to manage authentication servers, proxy servers, tokens, users and logging. The manager supports multiple types of databases; please refer to the table below:

DB Server Version | Support OS (Microsoft) | Related Official Site
Postgresql-8.2 | Windows 2000/XP/Server 2003 | http://www.postgresql.org/docs/
Oracle Database10g (10.1) Enterprise/Standard/End-User | Windows 2000/XP/Server 2003 | https://metalink.oracle.com/
Oracle9iRelease2 (9.2) Enterprise/Standard/End-User | Windows 2000/XP/Server 2003 | https://metalink.oracle.com/
Oracle9i Version 1 (9.0.1) Enterprise/Standard/End-User | Windows 2000/XP | https://metalink.oracle.com/
Oracle8i Version 3 (8.1.7) Enterprise/Standard/End-User | Windows 2000 | https://metalink.oracle.com/
Microsoft SQL Server 2005 Enterprise/Standard/End-User | Windows 2000/XP/Server2003/VISTA | http://www.microsoft.com/sql/default.mspx
Microsoft SQL Server 2000 Enterprise/Standard/End-User | WindowsNT/2000/XP (development version only) | http://www.microsoft.com/sql/default.mspx
Microsoft Access | Windows 2000/XP/Server 2003/VISTA | http://www.microsoft.com/office
MYSQL 5.1 | Windows 2000/XP/Server 2003 | http://www.mysql.org/doc/

3.1 Configure Authentication Server

Open the epass OTP Authentication System manager, as shown in Figure 14.

Figure 14 epass OTP Authentication Server

3.1.1 Configure Database

Click Configure in the Database Settings field to start configuration, as shown in Figure 15.

Figure 15 Database Configuration

First, select the database type in the Database dropdown list, as shown in Figure 16.

Figure 16 Database Type

Then enter the host IP address and port number of the machine on which the database is installed, the name of the database, and the database user name and password. The database must be initialized before first use; clicking Initialize Database initializes the database according to the current configuration. Click OK to complete the database configuration.

3.1.2 Configure User List

Configuring the user relationship is necessary when an existing database is in use. Click Configure to list the current user tables for selection, as shown in Figure 17.

Figure 17 User Relationship

In this interface, all existing users listed in the current database are displayed under Table name on the left panel. Selecting any one table displays that table's information under Column on the right panel, as shown in Figure 18.

Figure 18 Select User Table

Select the column corresponding to the user name and click OK to complete configuring the user list, as shown in Figure 19.

Figure 19 Column of Username

3.1.3 Import Token

Open the epass OTP Authentication System manager as shown in Figure 14 and click Import Tokens in the Token part. The Open File task window is displayed, as shown in Figure 20.

Figure 20 Import Token

Select the token file you want to import and click Open. A message box with information about the imported tokens is then displayed, as shown in Figure 21.

Figure 21 Imported Token Information

3.1.4 Configure RADIUS Server

Select the RADIUS type to use for user authentication: check Standard RADIUS, Extended RADIUS, or both. For example, select the first option to support Standard RADIUS, as shown in Figure 22.

Figure 22 Configure RADIUS Authentication

3.1.5 Configure Load Balancing

The epass OTP Authentication System supports load balancing: users may configure several servers to process authentication according to priority. Open the epass OTP Authentication System manager as shown in Figure 14 and select the Host item in the left tree panel, as shown in Figure 23.

Figure 23 Authentication Host

3.1.5.1 Add Authentication Host

Click Add to display the window shown in Figure 24.

Figure 24 Add Authentication Host

Enter the IP address of the server machine to add, together with its Port and Sync port, then select the priority with which this server processes authentication from the dropdown list: High, Normal, or Low. After entering all necessary information, click OK to complete adding the authentication server.

Notes: If the authentication server is added after the authentication agent has been installed, you must regenerate the Public key of the authentication agent based on the new authentication server and overwrite the original key file completely.

3.1.5.2 Delete Authentication Host

If an authentication server is no longer required, the user may remove it from the server list. Select the authentication server to remove and click Delete to open the dialog box shown in Figure 25.

Figure 25 Delete Host Message

Click OK to delete the specific authentication host.

3.2 Configure Authentication Agent

Open the epass OTP Authentication System manager as shown in Figure 14 and select the Agent item in the left tree panel, as shown in Figure 26.

Figure 26 Authentication Agent

3.2.1 Add Agent Server

The agent host is the machine on which the authentication agent service is installed. Click Add agent in the Proxy Authentication tab page, as shown in Figure 27.

Figure 27 Add Agent

Enter the host IP address in the Agent IP field and enter the Public key used for communications between the proxy server and the authentication server; add notes if necessary. Then click OK to complete adding the authentication agent.

3.2.2 Generate Public key

You must specify a Public key file during the installation of the authentication agent service. First select an existing proxy server that has previously been added, then click Create keyfile in the Agent interface, as shown in Figure 28.

Figure 28 Create Public key File

Select the location and file name of the Public key file and click Save to generate it.

3.3 Token Management

With Manage Token you can perform all token-related operations, such as adding, deleting, finding and importing tokens. Open the epass OTP Authentication Server manager as shown in Figure 14 and select the Token item in the left tree panel, as shown in Figure 29.

Figure 29 Token Management

3.3.1 Add Token

Click Add Token within the operation area, as shown in Figure 30.

Figure 30 Add Token

Enter the token number, Public Key, PIN Number, Authentication Base Number, and Synchronous Window in the corresponding fields, and click OK to complete adding a new token.

3.3.2 Delete Token

Detailed information about all existing tokens is listed in the token management interface. Select a token from the list and click Delete to remove the record, or click Select All to check all items and click Delete to clear the list; please refer to Figure 31.

Figure 31 Delete Token

A confirmation dialog box is displayed once you click Delete, as shown in Figure 32 below.

Figure 32 Delete Confirmation

Click OK and the information for the one or more selected tokens is removed.

3.3.3 Search Token

Enter the token serial number in the Token edit box, as shown in Figure 33.

Figure 33 Search Token

Click Search. The token information is displayed in the list below, as long as this token was recorded in the system database, as shown in Figure 34.

Figure 34 Search Result

3.3.4 Export Tokens

The token export function works on both a single token and multiple tokens. Select the token(s) to be exported in the token list (using the SHIFT / CTRL key for multiple selections), as shown in Figure 35.

Figure 35 Select Token to Export

Click Export Tokens. A new window is displayed for specifying the export settings, as shown in Figure 36.

Figure 36 Export Tokens

Select the name and location for the exported tokens, and click Save to complete the export operation.

3.3.5 Synchronize Token

User login authentication will fail if the token goes beyond the synchronous counter. In that event the token must be re-synchronized. In the Token interface, click the Sync button to open the OTP Synchronization dialog box, as shown in Figure 37.

Figure 37 Synchronize Token

Enter the token serial number into the User name field and press the button on the token. Enter the number shown on the token LCD into the First OTP field and press the button on the token again. Similarly, enter this second number into the Second OTP field, then click OK. The message box shown in Figure 38 below is displayed if the token is synchronized successfully.

Figure 38 Synchronization Successfully

Otherwise, the failure message box is displayed, as in Figure 39.

Figure 39 Synchronization Failed

3.3.6 Suspend Token and Unsuspend Token

If a user has lost his/her token, the administrator must quickly report the loss of the corresponding token, making sure such tokens are frozen and out of use. If a user recovers the lost token, the administrator may unlock the suspended token and make it work as before.

Specify the token to be reported as lost by clicking Suspend, as shown in Figure 40.

Figure 40 Suspend Token

The suspended token is marked as 1 in the locked column of the token list, as shown in Figure 41 below.

Figure 41 Locked Tag

To unlock a token, select a suspended token that has the locked mark against it and click Unsuspend, as shown in Figure 42.

Figure 42 Unsuspend Token

The locked mark against the token in the list is set to 0 if the token was successfully unsuspended, as shown in Figure 43 below.

Figure 43 Unlocked Tag

3.3.7 Assign Tokens

Assign Tokens creates a connection between a token and a user without a token. In the Token interface, click Assign tokens to open the new task window shown in Figure 44.

Figure 44 Assign Tokens

Users without assigned tokens are listed in the User list on the left panel; all available tokens are listed in the Token list on the right panel. Select a user and the token to be assigned, as shown in Figure 45.

Figure 45 Select the User and Token

The selected user name and token number are then displayed in their respective fields in the Assign Tokens section. Click Assign to confirm that the specified user holds the selected token.

3.4 User Management

Within the User interface you can add, delete or find user(s). Token assignment can also be set here for better management. Open the epass OTP Authentication Server manager as shown in Figure 14 and select the User option in the left tree panel, as shown in Figure 46.

Figure 46 User Management

3.4.1 Add User

Click Add User in the User interface. A dialog box opens, as shown in Figure 47.

Figure 47 Add User

Enter a user name for the new user in the field. You can specify a token for a user either from the dropdown list under the Token column or from the list of tokens to be assigned on the right panel. Alternatively, you can leave the field blank and assign the token to the user in a later step. If the Need PIN option is checked, the system automatically takes 1234 as the default PIN. Click OK to complete adding a new user.

Figure 48 Bundle Username and Token Number

As an example (Figure 49 below), two users appear in the user list, one assigned a token and another added without a token.

Figure 49 User Information

3.4.2 Import User

Here you can import TXT-format user information into the system. In the User interface, click Import user from file to open the Open File task window, as shown in Figure 50.

Figure 50 Import User

Select the file to import and click Open to complete the operation.

3.4.3 Delete User

The user delete function works on both a single user and multiple users. Select the user(s) to be deleted from the user list in the right main interface, as shown in Figure 51.

Figure 51 Delete User

Click Delete. A confirmation dialog box is displayed, as shown in Figure 52 below.

Figure 52 Delete Confirmation

Click OK to delete the selected user(s).

3.4.4 Search User

The Search function supports both exact searching and fuzzy searching; that is, you can leave the search field empty, or enter one or several terms. Enter either or both of the user name and token number conditions in the corresponding fields. Checking the Is First option filters out non-first-time users. Refer to Figure 53 for further detail.

Figure 53 Specify Search Term

Click Search. All users matching the search condition appear in the user list, as shown in Figure 54.

Figure 54 Return Search Result

3.4.5 Edit Token

The token edit function works on the user list. It is designed to add token information for users who were not assigned a token in the Add User stage, or to edit the current token information for users. Select a user to be edited and single-click the cell in the token column; the edit box is displayed, as shown in Figure 55.

Figure 55 Edit User Token

In the edit box you may specify the token number assigned to a user. Click Enter to complete editing.

3.5 Log Management

With the features provided in the Log manager, you can easily view, find, and delete logs. Open the epass OTP Authentication Server manager as shown in Figure 14 and select the Log item in the left tree panel, as shown in Figure 56.

Figure 56 Log Management

3.5.1 Search Log

The Search function supports both exact searching and fuzzy searching. Enter the required search conditions in the Log interface; for example, you can specify the user name, token number and time information in their respective fields. The information returned for the account name user1 is shown in Figure 57.

Figure 57 Specify Search Term

Click Search. All log records matching the search criteria are displayed in the list below, as shown in Figure 58.

Figure 58 Return Value

3.5.2 Delete Log

The log delete feature works on both single and multiple log records. In Token interface, first select the log record(s) to delete (using the SHIFT / CTRL key for multiple selections), as shown in Figure 59.

Figure 59 Select Logs to Delete

Click Delete. A confirmation message is displayed, as shown in Figure 60 below.

Figure 60 Delete Confirm Message

Click OK to delete the selected log records.

3.5.3 Export Log

The Export feature allows users to export log information to system files. In the Log interface, select the log records to export, as shown in Figure 61.

Figure 61 Export Log

Click Export to open the Save File task window, as shown in Figure 62 below.

Figure 62 Save Export Log Files

Click Save to complete exporting the log files.

Appendix 1 Firewall Settings

Generally, Windows Firewall is integrated within Windows XP SP2 and is deployed automatically. If the epass OTP Authentication Server is installed on a computer in such an environment, Windows Firewall will block the communications of the OTP Authentication Server.

Suggest

1. Close Windows Firewall

Click Start > Control Panel > Windows Security Center.

In the top Firewall panel, select the Off option to manually turn off Windows Firewall.

2. Configure Windows Firewall

Click Start > Control Panel > Windows Firewall.

Select the Exceptions tab.

Click Add Port to open a new task window.

Enter an appropriate name and port number, and check the UDP option.

Note: Three ports are required by the OTP Authentication Server: 1915, 1916 and 1812. You must add them one at a time, three times in total. (Please remember to enter the correct port number if you have modified the default one.)

Click OK for confirmation.
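The same three UDP exceptions from option 2 can be created from a command prompt, shown here as an added example that is not part of the Feitian manual. It uses the netsh firewall context of Windows XP SP2 / Server 2003; the AGENT_NET subnet and the rule names are assumed placeholders, and the CUSTOM scope limits each opening to that subnet instead of every source address.

```batch
@echo off
rem Added example, not from the epass OTP manual.
rem Opens the three UDP ports the manual lists (1812, 1915, 1916) in
rem Windows Firewall on XP SP2 / Server 2003, leaving the firewall on.

rem ASSUMPTION: subnet holding the authentication agents and RADIUS
rem clients. 192.0.2.0/24 is a documentation range; replace it.
set AGENT_NET=192.0.2.0/24

rem If auth_port or the other defaults were changed, edit the list below.
for %%P in (1812 1915 1916) do (
    netsh firewall add portopening protocol=UDP port=%%P name="epass OTP UDP %%P" mode=ENABLE scope=CUSTOM addresses=%AGENT_NET%
)

rem Confirm the firewall is still enabled and list the resulting openings.
netsh firewall show opmode
netsh firewall show portopening
```

On Windows Vista and later the netsh firewall context is deprecated in favour of netsh advfirewall firewall, so this script applies to the XP SP2 / Server 2003 hosts the appendix describes.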

Appendix 2 About the 1812 Port number

Suppose the OTP Authentication Server is installed on a Windows 2003 Server machine, with its RADIUS service running on port 1812 by default. It will then clash with the IAS Authentication Service or any other program that needs to occupy port 1812.

Suggest

Close the IAS Authentication Service and other programs using port 1812 on the computer used as the epass OTP Authentication Server.

Modify the port number of the RADIUS service. Under the <\conf> folder of the epass OTP Authentication Server installation site, open the OTPradserv.conf file and go to the auth_port field; specify an alternate port value there and save, then restart the RADIUS service directly.

Appendix 3 About ODBC Driver Name

The epass OTP Authentication Server uses a default ODBC driver name for each database; please refer to the following table:

Database | ODBC Driver
PostgreSQL | PostgreSQL ANSI
Access | Microsoft Access Driver (*.mdb)
MySQL | MySQL ODBC 3.51 Driver
SQLServer | SQL Server
MSDE | SQL Server
Oracle | Oracle in OraDb10g_home1

While configuring the database, errors such as a Database link error may occur. In that case, check that the configuration file is correct and that the corresponding ODBC driver is installed. Go to the registry entry HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI and check whether the ODBC name is consistent with the default value listed in the table above. If not, change the ODBC name within the registry in accordance with the default value and reconfigure the database if necessary.
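The registry check described above can be scripted, shown here as an added example that is not part of the Feitian manual. It looks up each default driver name from the table under the "ODBC Drivers" subkey, where Windows records installed ODBC drivers; the script layout and the output labels are assumptions of this example.

```batch
@echo off
rem Added example, not from the epass OTP manual.
rem Reports which of the manual's default ODBC driver names are
rem registered on this machine. Read-only: nothing is changed.
setlocal

rem Installed drivers are values under the "ODBC Drivers" subkey of the
rem key named in the manual. On 64-bit Windows, 32-bit drivers are
rem registered under HKLM\SOFTWARE\Wow6432Node\ODBC\ODBCINST.INI instead.
set "KEY=HKLM\SOFTWARE\ODBC\ODBCINST.INI\ODBC Drivers"

rem Driver names copied from the table in Appendix 3
rem (SQLServer and MSDE share the "SQL Server" driver).
call :check "PostgreSQL ANSI"
call :check "Microsoft Access Driver (*.mdb)"
call :check "MySQL ODBC 3.51 Driver"
call :check "SQL Server"
call :check "Oracle in OraDb10g_home1"

endlocal
goto :eof

:check
rem reg query sets errorlevel 1 when the value name does not exist.
reg query "%KEY%" /v %1 >nul 2>&1
if errorlevel 1 echo MISSING    %1
if not errorlevel 1 echo INSTALLED  %1
goto :eof
```

A MISSING line for the database type selected in 3.1.1 means the driver name in the registry differs from the default the server expects, or the driver is not installed.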